A Hacker's Breach Exposes US Government Messages
Recently, a serious security breach has exposed sensitive information from an Israeli firm called TeleMessage. The company provides modified versions of popular messaging apps like Signal and WhatsApp to the U.S. government.
The breach was reported by 404 Media, which revealed that the hacker stole data from TeleMessage, including direct messages and group chats sent through its modified Signal clone. The stolen data exposed a range of sensitive information, including government contact details, backend login credentials, and clues about the firm's clients.
According to reports, 404 Media confirmed the breach by contacting Customs and Border Protection (CBP) officials listed in the data, verifying the authenticity of the leaked messages. The breach highlights the risks associated with relying on modified versions of popular apps, especially when chats aren't end-to-end encrypted between the apps and their archives.
Although cabinet-level messages were not compromised in the breach, the incident raised significant national security concerns because of who uses the app: sensitive discussions involve top U.S. officials, including Mike Waltz, who accidentally revealed that he was using TeleMessage's modified version of Signal during a cabinet meeting with President Trump.
The server that the hacker compromised is hosted on Amazon Web Services (AWS) infrastructure in Northern Virginia. 404 Media confirmed this by reviewing the source code of TeleMessage's modified Signal app for Android, locating the server it communicates with, and making an HTTP request to that server.
Furthermore, data belonging to Coinbase and other financial entities was also leaked during the breach. A screenshot from the hacker's access to a TeleMessage panel lists the names, phone numbers, and email addresses of CBP officials, indicating that there may be over 700 government officers included in the stolen data.
The breach is a wake-up call for security teams and individuals relying on modified versions of popular messaging apps. With such sensitive information exposed, it is clear that end-to-end encryption must be preserved along the whole path, including any archiving step, to protect against future breaches.